Pickle Rick

This guide contains the answers, and the steps necessary to get to them, for the Pickle Rick room.

In this room we are tasked with finding the three ingredients necessary to turn Rick back into a human by finding vulnerabilities in a web application.

  1. What is the first ingredient that Rick needs?

Let's do some enumeration first with nmap and dirbuster.

nmap gives us two open ports: 22 (ssh) and 80 (http).

sudo nmap -sS -sV 10.10.3.164

Nmap

Unfortunately, the ssh service requires an authentication key and won't work with just a password.

Dirbuster gives us a couple of interesting and useful results.

gobuster dir -u http://10.10.3.164/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt

Directories

As we can see, we have a login page, an assets directory that we can access, a server-status page (no access, 403), and robots.txt.

On the webpage itself, when looking at the source code, we can find Rick's username.

Homepage Username

On the login page, we try some basic SQL injection, but that doesn't work.

For now, the assets directory doesn't contain anything of interest.

Looking at the robots.txt file, we do come across something interesting.

Robots

Could this be our password? Logging in with these credentials actually works and brings us to the portal screen.

Portal Login

Here we see a command page with which we can execute commands. On the system itself?

Unfortunately, all the other pages lead to a denied page.

Denied

Let's try some commands. Using whoami, we can indeed see that we can execute commands on the system.

Commands Whoami

Let's try finding any interesting files with ls.

Commands Files

Reading the first file gives us an error telling us that the command cat has been disabled.

Commands Cat

Luckily for us, there are more ways to read a file. nl for example. Looks like we just found our first ingredient!

First Ingredient

Answer: mr. meeseek hair
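
Why disabling cat did not stop nl, as an added example (not code from the room or from this write-up): a denylist modelled on the behaviour seen above, beside an allowlist that a command panel could enforce instead. The filter logic, the allowlisted commands and the file name ingredient.txt are assumptions made for illustration.

```python
import shlex
import subprocess

# Assumed denylist: the write-up only confirms that `cat` is blocked.
DENIED = {"cat"}

# Hypothetical allowlist for a diagnostics panel: command -> permitted arguments.
ALLOWED = {"whoami": set(), "uptime": set(), "df": {"-h"}}

# Characters that would let input chain or expand commands if a shell saw them.
SHELL_META = set(";&|`$<>(){}\\\n*?[]~!#")


def denylist_permits(command: str) -> bool:
    """Model of the observed filter: refuse only when a denied word appears."""
    return not any(word in command.split() for word in DENIED)


def allowlist_parse(command: str):
    """Return an argv list if the command is explicitly permitted, else None."""
    if any(ch in SHELL_META for ch in command):
        return None
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWED:
        return None
    if any(arg not in ALLOWED[argv[0]] for arg in argv[1:]):
        return None
    return argv


def run(command: str) -> str:
    """Execute a permitted command without a shell; refuse everything else."""
    argv = allowlist_parse(command)
    if argv is None:
        return "command not permitted"
    done = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return done.stdout


if __name__ == "__main__":
    # Constructed inputs; ingredient.txt is a placeholder file name.
    for cmd in ("cat ingredient.txt", "nl ingredient.txt", "whoami", "sudo ls /root"):
        print(f"{cmd!r}: denylist={denylist_permits(cmd)} "
              f"allowlist={allowlist_parse(cmd) is not None}")
```

The denylist has to name every file-reading program in advance, while the allowlist refuses anything it was not told to accept, so nl and sudo are rejected without being listed.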

  2. What is the second ingredient in Rick’s potion?

The clue.txt file tells us to look at other system files for the ingredients.

Commands Clue

Let's look at the home folder for any other users. Looks like there is a rick folder.

Commands Users

Going through these folders we eventually come across a file with the second ingredient.

Second Ingredient

Answer: 1 jerry tear

  3. What is the last and final ingredient?

Another interesting folder to look at when we were enumerating the system is the root folder. We don't have permissions to view the folder, so we must elevate our privileges somehow.

Using sudo -l we can check what commands we are allowed to execute with sudo privileges.

Commands Sudo

Looks like we can execute everything with sudo. So let's look in the root folder using: sudo ls /root.

This works! And we can find a 3rd ingredient file in this folder.

Third Ingredient

Answer: fleeb juice